News

CSO Online3d
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
Bleeping Computer1y
GitHub comments abused to push malware via Microsoft repo URLs
BleepingComputer looked into it and found that the files are not part of vcpkg but were uploaded as part of a comment left on a commit or issue in the project. When leaving a comment, a GitHub ...
GitHub’s new AI coding agent can fix bugs for you
GitHub is launching an AI coding agent that can do things like fix bugs, add features, and improve documentation — all on a ...
TechRadar2mon
Hundreds of GitHub repositories hijacked to trick users into downloading malware
Cybersecurity researchers Kaspersky have iscovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware. Kaspersky said it observed hundreds ...
SecurityWeek15d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Computing3mon
Lazarus Group hiding malware in GitHub and open-source packages
The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...
Bleeping Computer3y
Open source 'Package Analysis' tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF ... the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages. This week, OpenSSF released its ...
Computing2mon
GitHub supply-chain attack threatens 23,000 organisations
The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.